I am pleased to announce the first release of "pyscanlogd", a network port scan detection and logging tool, written in Python.
Pyscanlogd is inspired by scanlogd and can log network port scans by listening to packets in promiscuous mode. It has the ability to log most fast port scans and also slow port scans done by nmap.
Pyscanlogd is dependent upon pypcap and dpkt.
The tool is derived from the ASPN Python cookbook recipe #576690. Since the recipe has already undergone a few revisions, the tool is being released as version 0.5.
Here are some items in the TODO list of the tool for the future:
1. Configuration file to adjust threshold etc.
2. Ability to detect host sweeps apart from port scans
3. Logging format customization
4. Try and detect hping stealth scans